/**
 * Copyright (c) 2016-2023, Michael Yang 杨福海 (fuhai999@gmail.com).
 * <p>
 * Licensed under the GNU Lesser General Public License (LGPL) ,Version 3.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * <p>
 * http://www.gnu.org/licenses/lgpl-3.0.txt
 * <p>
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package io.jpress.web.interceptor;

import com.jfinal.aop.Inject;
import com.jfinal.aop.Interceptor;
import com.jfinal.aop.Invocation;
import com.jfinal.kit.Ret;
import io.jboot.utils.RequestUtil;
import io.jboot.utils.StrUtil;
import io.jpress.model.User;
import io.jpress.permission.annotation.NeedAnyPermission;
import io.jpress.permission.annotation.NeedPermission;
import io.jpress.permission.annotation.PermissionDef;
import io.jpress.service.PermissionService;


/**
 * @author Michael Yang 杨福海 （fuhai999@gmail.com）
 * @version V1.0
 * @Title: 管理后台的拦截器
 */
public class PermissionInterceptor implements Interceptor {


    private static final String NO_PERMISSION_VIEW = "/WEB-INF/views/admin/error/nopermission.html";

    @Inject
    private PermissionService permissionService;

    @Override
    public void intercept(Invocation inv) {

        User user = UserInterceptor.getThreadLocalUser();
        if (user == null) {
            renderNoPermissionMessage(inv);
            return;
        }


        PermissionDef defAnnotation = inv.getMethod().getAnnotation(PermissionDef.class);
        if (defAnnotation != null && !permissionService.hasPermission(user.getId(), inv.getActionKey())) {
            renderNoPermissionMessage(inv);
            return;
        }


        NeedPermission needAnnotation = getNeedPermission(inv);
        if (needAnnotation != null) {
            String[] permissionKeys = needAnnotation.value();
            for (String permissionKey : permissionKeys) {
                if (StrUtil.isNotBlank(permissionKey) && !permissionService.hasPermission(user.getId(), buildPermissionKey(permissionKey, inv.getControllerPath()))) {
                    renderNoPermissionMessage(inv);
                    return;
                }
            }
        }


        NeedAnyPermission needAnyAnnotation = getNeedAnyPermission(inv);
        if (needAnyAnnotation != null) {
            String[] permissionKeys = needAnyAnnotation.value();
            boolean hasPermission = false;
            for (String permissionKey : permissionKeys) {
                if (StrUtil.isNotBlank(permissionKey) && permissionService.hasPermission(user.getId(), buildPermissionKey(permissionKey, inv.getControllerPath()))) {
                    hasPermission = true;
                    break;
                }
            }

            if (!hasPermission) {
                renderNoPermissionMessage(inv);
                return;
            }
        }

        inv.invoke();

    }

    public void renderNoPermissionMessage(Invocation inv) {
        if (RequestUtil.isAjaxRequest(inv.getController().getRequest())) {
            inv.getController().renderJson(Ret.fail().set("message", "您没有权限操作此功能。"));
        } else {
            inv.getController().render(NO_PERMISSION_VIEW);
        }
    }


    private NeedPermission getNeedPermission(Invocation inv) {
        NeedPermission needPermission = inv.getMethod().getAnnotation(NeedPermission.class);
        return needPermission != null ? needPermission : inv.getController().getClass().getAnnotation(NeedPermission.class);
    }


    private NeedAnyPermission getNeedAnyPermission(Invocation inv) {
        NeedAnyPermission needAnyPermission = inv.getMethod().getAnnotation(NeedAnyPermission.class);
        return needAnyPermission != null ? needAnyPermission : inv.getController().getClass().getAnnotation(NeedAnyPermission.class);
    }


    private static String buildPermissionKey(String permissionKey, String currentControllerPath) {
        if (permissionKey != null && permissionKey.startsWith("./")) {
            if ("./index".equals(permissionKey)) {
                permissionKey = "./";
            }

            return currentControllerPath + permissionKey.substring(1);
        }
        return permissionKey;
    }
}
